>
>
> Hi all. I'm interested in using SunNET SNMP on a few of the machines in
> my DMZ. I'm wondering the security implications of using this in my DMZ,
> protected at both ends by FW-1.
>
> Services such as SMTP and DNS come in from the Internet thru our external
> firewall.
>
> I'm not really too familiar with Sun's SNMP, but I understand that SNMP
> generally is insecure, correct? Is it suicide to even think about putting
> SNMP between the firewall's, in our DMZ? If so, why?
SNMP uses the read and write community to determine, if you are allowed to
read/write values from/to Devices. These are transmitted in clear text.
So if someone breaks into your DMZ, gets access to one of the machines in a
level, that he/she can do a tcpdump (or something similar) they get to your
communities. If you want to use set-requests (e.g. to write a new config to
your router or something like that) than this is probably not what you want.
Konstantin
>
> Thanks,
> Dave Wreski
>
>
>
--
Dipl. Inf. Konstantin Agouros - elwood @
genua .
de
GeNUA mbh, Raeterstr. 26, 85551 Kirchheim, Germany
Tel.: +49 89 99195019 Fax: +49 89 99195099
----------------------------------------------------
Most people say, "If it ain't broke, don't fix it.
For an engineer, if it ain't broke it doesn't have
enough features." Scott Adams, The Dilbert Principle
|
|
